HD-DVD and Blu-Ray Protections Fully Broken 682
gEvil (beta) writes "According to an article at BoingBoing, the processing keys for the AACS encryption scheme used by both HD-DVD and Blu-Ray video discs have been extracted, and a crack has been released. What this means is that there is now a method to extract the copy-protected content of any HD-DVD or Blu-Ray disc out there. This is different from Muslix64's previous crack, which only extracted the volume key for each disc. This new method bypasses this step and allows anyone to extract the data without first requiring the volume key."
Doom9's Forum (Score:5, Informative)
Later posts seem to confirm that it works for both BR and HD-DVD
Re:All DRM implementations will be broken. (Score:5, Informative)
Not Really Broken (Score:5, Informative)
One key thing to take away from this is that the authors of the software made it really easy to pull the device keys out of memory for two reasons
Even that approach isn't hack-proof, but it is a lot harder to dump the cpu registers under such conditions than it is to trace memory accesses.
Re:All DRM implementations will be broken. (Score:5, Informative)
Re:Not Really Broken (Score:5, Informative)
Under most versions of unix, only one debugger can attach to a process at a time. So an easy trick to prevent being debugged is to make the program attach to itself, thus locking out other debuggers. Some unices don't let a process attach to itself, but for those it may be possible to fork a child and have each process mutually debug the other. I'm not an NT programmer, but I would bet something along those lines works the same there too.
Don't get me wrong, nothing is fool-proof (and I said so in my first post) the best these guys can do is make it difficult. So far, the windvd/powerdvd guys just wiped the device key from memory after use which is about the bare minimum - they could have done lots more without too much effort.
Re:Not Really Broken (Score:5, Informative)
You've clearly never worked with a good hardware-assisted debugger. And virtualization makes this scenario possible without debugger hardware support.
Even more, no matter what, the key has to make its way from the device to the CPU register. On every modern machine that transaction goes through memory. Which means that brute-force tracing from the device to the registers should be able to find it. Not necessarily easily, but quite doable.
DRM is dead. Let's bury it.
Re:Nice. (Score:5, Informative)
Re:Nope, it's really cracked (Score:4, Informative)
You don't need the hardware to be networked in order to do key revokation - all the current discs continue to work just fine, but future discs will be encoded so they cannot be decoded with this key (this is the basis of AACS key revokation).
This is definately not "fully broken" - fully broken is when I can use the crack indefinately *without* having to get a new player and extract a key from it every so often. i.e. it involves finding a flaw in the algorithm that allows you to decode the disc without needing to extract any data from a legitimate player to do so.
Re:props to Muslix64 and hackers everywhere (Score:5, Informative)
That said, they have got a player key now, so all disks published to date can be decoded.
Each player has its own player key, and each disk accepts any player key in its list (the player key is used to decode the volume key which decodes the film).
With this player key, they can decode any HD-DVD which has been printed already. However, as the key has now been compromised, future disks will not accept that player key. The software will have its player key updated, but the software will be tightened in an attempt to remove this loophole.
Take a look at the archives of http://www.freedom-to-tinker.com/ [freedom-to-tinker.com] for a detailed discussion.
Re:All DRM implementations will be broken. (Score:4, Informative)
Of course the devil is in the details. It's fully possible to build an insecure system around a secure TPM chip, and no doubt that's going to be done, too.
Then again, TPM isn't bad, on it's own. It really depends on who owns the TPM. As long as I own it, it just might be good. The moment someone else owns it, then I merely pretend to own my system that has it, and that's bad. Some time ago, I picked the (M) stuff for the kernel build on my Thinkpad, and have been building them ever since. I've never used them yet, but if SOMEBODY is going to be controlling that chip, I want it to be ME.
All TPM implementations will be broken. (Score:0, Informative)
BTW to the poster who asked: when will media companies give up? I'll ask, when will people stop trying to get content without paying for it?
Re:All DRM implementations will be broken. (Score:3, Informative)
No, the problem with TPM was that lousy Jar-Jar character. He had more than enough jibber-jabber.
Re:look at book publishers... (Score:4, Informative)
The authors involved agree that this helps get their names out and generates demand for paper copies and paid-for e-copies of their work. The reduced overhead of e-publishing compared to paper publishing more than covers any "piracy", I guess. The "Baen's Universe" e-magazine pays the authors better rates than the current paper magazines (Asimov's, Analog, etc) do. (Don't know about the book payment side. I hope to find out first hand at some point
Re:All DRM implementations will be broken. (Score:3, Informative)
It can be shown that if two people know a secret, they can exchange information over a common channel, and eavesdroppers can't decrypt the message without trying every possible secret. This is somewhat like sending a safe through the mail - anyone intercepting packages at the post office would have to try every possible combination to get it open. Even if they knew the design of the safe. Even if they had helped design the safe.
A real-world example of this is the design of the ATM [oldskool.org]: The author used public-key encryption so that even if he were trying to break the encryption, he wouldn't be able to. While he made the design, he doesn't know the secret key.
The reason such strong encryption can't be used on DRM is because they have to give you the secret. It's like giving you a safe, giving you the code, and then telling you that you should only open it in certain circumstances.
Re:Horseshoe racket (Score:3, Informative)
That doesn't mean that they have to get out of the movie(blacksmithing) making business. It's just that they have to realize that they're not going to sell physical media products such as VHS tapes and DVDs forever. DRM isn't working, giving only months of protection in this case. Most of the anime DVDs I purchase don't have DRM. They have empty keys and the macrovision bit isn't set*. Why? The Anime companies took a look at their target market and figured out that DRM A: Annoys their customer base, and B: said customer base is on average technically skilled enough that DRM is less than an annoyance to their copying efforts. Yet they can still make money on sales.
Music content is shifting away from CDs to online, why shouldn't movies? Heck, I'd love to be able to purchase a movie online, then download it to my computer/DVR to watch while I do something else. It'd be faster than netflix and not require so much personal time as a rental place that I have to drive to(not to mention better selection).
Most people are willing to pay money for a legitimate product as long as it's competitive with the real one. Generally the legitimate producer has advantages of superior quality, the ability to advertise, operate a real storefront, etc... Illegal producers have the advantage of not having to create the material, allowing them to be cheaper.
The MPAA/RIAA have both messed up in their attempts to move into the market niche currently taken by pirates(online), by their insistance on using DRM, as it has in some cases managed to give the pirates an advantage: Their version's superior. One example was a couple DVDs released by disney that had 5 minutes of non-skippable advertising before the movie could be played. Another would be MP3's downloaded off the internet vs the commercial CD which attempts to silently install a back-door DRM that leaves a mile-wide vulnerability in your system. For that matter, storing movies on a TB size DVR type device vs having hundreds of DVDs that you have to physically search through to find the video you want to see.
*setting it costs $, and since the companies found that it's effectivness in preventing copying approached zero, decided not to waste the money.
Re:props to Muslix64 and hackers everywhere (Score:5, Informative)
MOD PARENT Up! (Score:5, Informative)
Essentially, what he is saying is this: while the crack is temporary, the method of attack is unassailable under the current model.
That's whats important here. If keys get revoked, its a trivial matter to go get them again. The hard work has been done. Now all you have to do is follow procedures and -voila- you can crack AACS too.
Despite other comments on this board, AACS IS cracked.
Re:Yes, someone walk us through this. (Score:3, Informative)
Of course, there's nothing stopping them from simply moving the key around each time, however then you merely need to find the location that the pointer to the key's location is stored to defeat that. They could also pile on more layers of obscurity of a wide variety of types in order to protect the ones below them, but they'll merely delay the inevitable, like all DRM, as you have no way of knowing if a customer could be a possible attacker and thus must allow everyone access to the content.
Re:props to Muslix64 and hackers everywhere (Score:3, Informative)
Re:Not Really Broken (Score:2, Informative)
Each volume key is encrypted a couple of thousand times and stored on the media. Each encryption is done with an individual device key. If your player's device key was not used for any of those volume key encryptions (as in it was revoked), your player will not be able to decrypt the volume key and thus will not be able to decrypt the movie. So there is no way to simply patch a routine to always return "OK" because it doesn't return OK, it returns the key needed to decrypt the movie.
Re:All DRM implementations will be broken. (Score:4, Informative)
Re:All DRM implementations will be broken. (Score:3, Informative)
Just one good example here.. Xbox 360. It's been out for a while and the DRM is still essentially there. Except that games can be COPIED. But forget about playing that "backup" of brand new R1 game in your R2 console, pardner. Region codes are NOT hacked.
Neither is requirement for signed code.
So what the modchips essentially do is hack the dvd drive to give "we're good here" response to appropriate media query, but you need 1:1 copy of the original media to pull that off or the signature won't match.
No media center for X360, thought. XNA program does not let you do it even after you fork out $99/year for the privilege because XNA progs cannot use network (and access your huge collection of dvd rips and mp3s)
Re:The problem (Score:3, Informative)
Bollocks. AES (used by AACS) and many other ciphers are pretty well protected against known plain text attacks. Furthermore, with common block sizes of 8 and 16 bytes it would be very hard to decrypt just a single byte.
Re:All DRM implementations will be broken. (Score:3, Informative)
Nope--it's like the IRA said to Mrs. Thatcher: "To stay alive you have to get lucky every time. To kill you we only have to get lucky once."
And real security isn't through obscurity: it is through physical denial of access to the decryption key. What even hardened TPM chips do is more akin to handing a user a safe with the key inside, and giving them unlimited time and all the resources they feel like using to open it. Grad students with access to x-ray micrographs [oxfordjournals.org], people who like to solve near-field problems...
Additionally, here's a nice summary of one of the many non-physical reasons why TPM is not secure:
Ergo, some users must ultimately have access to keys to ensure failure recovery. Given everything we know about users, it would be ill-advised to bet against breaches driven by user behaviour even if the physically impossible were achieved and someone was able to make the hardware genuinely secure.
I can just see the headlines in 2010: "Intel Admits TPM Keys Leaked"
Re:MOD PARENT Up! (Score:3, Informative)
But then, hardware players can also be debugged just like a software player - it's a bit more cumbersome but it can be done or there would be no hardware players.